Last post Sep 04, 2017 12:51 AM by noJedi
Aug 28, 2017 08:16 AM|noJedi|LINK
Can't seem to get this working...
Documentation indicates that "$AppDir$" is the only permitted path for write (by default) for CAS.
However the below configuration always gives SecurityPermission failures when hitting the "Trace.TraceError()" lines (for example)...
I have only tested in IISExpress, but is there something I'm missing in this respect? Is there some aspect I've missed?
I feel like the config SHOULD be okay but perhaps "No file access is permitted outside of the application's virtual directory hierarchy." is NOT where the <no path specified> in the config actually goes after build time?
Or perhaps (as specified in some WCF doco) I need to use a webSITE, not a web APP template? (If this is the reason, "why?")
<add name="myListener" type="System.Diagnostics.TextWriterTraceListener" initializeData="TextWriterOutput.log" />
<remove name="Default" />
Aug 28, 2017 01:22 PM|PatriceSc|LINK
This is likely the "current directory" for the process, which is the same path returned by https://msdn.microsoft.com/en-us/library/system.io.directory.getcurrentdirectory(v=vs.110).aspx
Try perhaps an absolute path to make 100% sure where it goes. Maybe you are also allowed to use a virtual path that would then be transformed to a physical path?
Aug 28, 2017 09:53 PM|noJedi|LINK
Hmm... sadly doesn't look like it, but good thinking! (Tried many permutations and no luck... even tried adding the "App_Data" folder and trying there but no luck.)
I know WCF is not ASP but there are similarities and I thought that perhaps this: https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/partial-trust-feature-compatibility was the guidance I was looking for, but while I'm following all these rules, I'm still getting the same error.
If I run the process by code not config the line that is failing is certainly "Listeners.Add()"
I've seen this https://msdn.microsoft.com/en-us/library/system.diagnostics.trace(v=vs.110).aspx and there is a bit that says
"If you add trace listeners to partially trusted code, you will get a SecurityException exception, because adding trace listeners requires UnmanagedCode permission. To trace partially trusted code that is running in a sandbox in Visual Studio, do not add trace listeners. Instead, view the Trace and Debug messages in the Output window."
(which is contrary to the "WCF can use TextWriter in the app directory" documentation), so I may be completely out of luck and this is simply not permitted in "normal" code...?
Aug 31, 2017 12:16 PM|noJedi|LINK
Does anyone know how to get the "what permission is being requested at point of failure" and "what policy group/trust level is in "play"" at a given time?
Where to look in debugger, tools to use that can view this (procmon doesn't seem to "see" any CAS stuff...)
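One way to answer the question above from inside the application, as an added example that is not part of the original thread: probe the trust level with permission demands and dump what the SecurityException itself reports. The class and method names are hypothetical, and each exception property read is guarded on the assumption that some of those getters are themselves permission-protected in partial trust.

```csharp
// Added example, not code from the thread. CasDiagnostics and its members are hypothetical names.
using System;
using System.Security;
using System.Security.Permissions;
using System.Text;
using System.Web;

public static class CasDiagnostics
{
    // True when a demand for the permission succeeds on the current call stack.
    public static bool IsGranted(IPermission permission)
    {
        try { permission.Demand(); return true; }
        catch (SecurityException) { return false; }
    }

    // Highest ASP.NET trust level whose hosting permission the current call stack satisfies.
    public static AspNetHostingPermissionLevel CurrentTrustLevel()
    {
        var levels = new[] {
            AspNetHostingPermissionLevel.Unrestricted, AspNetHostingPermissionLevel.High,
            AspNetHostingPermissionLevel.Medium, AspNetHostingPermissionLevel.Low,
            AspNetHostingPermissionLevel.Minimal };
        foreach (var level in levels)
            if (IsGranted(new AspNetHostingPermission(level))) return level;
        return AspNetHostingPermissionLevel.None;
    }

    // Assumption: a getter may throw SecurityException in partial trust, so guard each read.
    private static string Read(Func<object> getter)
    {
        try { object v = getter(); return v == null ? "<null>" : v.ToString(); }
        catch (SecurityException) { return "<not readable at this trust level>"; }
    }

    // Summarises the trust level in play and the permission that failed.
    public static string Describe(SecurityException ex)
    {
        var sb = new StringBuilder();
        sb.AppendLine("AppDomain fully trusted: " + AppDomain.CurrentDomain.IsFullyTrusted);
        sb.AppendLine("ASP.NET trust level:     " + CurrentTrustLevel());
        sb.AppendLine("UnmanagedCode granted:   " +
            IsGranted(new SecurityPermission(SecurityPermissionFlag.UnmanagedCode)));
        sb.AppendLine("Failed permission type:  " + Read(() => ex.PermissionType));
        sb.AppendLine("Security action:         " + Read(() => ex.Action));
        sb.AppendLine("Demanded:                " + Read(() => ex.Demanded));
        sb.AppendLine("First failed permission: " + Read(() => ex.FirstPermissionThatFailed));
        sb.AppendLine("Granted set:             " + Read(() => ex.GrantedSet));
        sb.AppendLine("Refused set:             " + Read(() => ex.RefusedSet));
        return sb.ToString();
    }
}
```

Call `CasDiagnostics.Describe(ex)` from a `catch (SecurityException ex)` around the failing `Listeners.Add()` call and write the result somewhere the application is already allowed to write, such as the response.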
Sep 01, 2017 07:19 AM|Eric Du|LINK
According to your description, I think you could check the following links on how to record the trace log. Please check:
Tracing in .NET and Implementing Your Own Trace Listeners:
How to use the Process Monitor tool to generate a log file for an application in the App-V (SoftGrid) virtual environment:
Sep 04, 2017 12:51 AM|noJedi|LINK
Oddly I figured it out.
But not sure if I'm missing something or if this is "part of it all"
As specified in the documentation TraceListeners can't be added that require UnmanagedCode...
How you figure out which tracelisteners require unmanaged code permission or not is outside of my grasp...
Does anyone know if adding the UnmanagedCode permission set to the
Flags="Execution, ControlThread, ControlPrincipal, RemotingConfiguration"
is dangerous (obviously it has risks) in particular if you control the server and the only app on the server is running these sets of partial trust apps?
Any idea how to quantify this kind of modification? or do I need a security expert consultant?
(Eric, thanks for your links, they were helpful!)